Lucene search

[email protected]NVD:CVE-2020-26149

HistorySep 30, 2020 - 6:15 p.m.

CVE-2020-26149

2020-09-3018:15:27

CWE-522

[email protected]

web.nvd.nist.gov

nats

nats.js

nats.ws

nats.deno

credential disclosure

client

server.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.1%

JSON

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.

Affected configurations

Nvd

Node

linuxfoundationnats.denoRange<1.0.0-9

linuxfoundationnats.jsRange<2.0.0-209node.js

linuxfoundationnats.wsRange<1.0.0-111

VendorProductVersionCPE
linuxfoundationnats.deno*cpe:2.3:a:linuxfoundation:nats.deno:*:*:*:*:*:*:*:*
linuxfoundationnats.js*cpe:2.3:a:linuxfoundation:nats.js:*:*:*:*:*:node.js:*:*
linuxfoundationnats.ws*cpe:2.3:a:linuxfoundation:nats.ws:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linuxfoundation	nats.deno	*	cpe:2.3:a:linuxfoundation:nats.deno::::::::
linuxfoundation	nats.js	*	cpe:2.3:a:linuxfoundation:nats.js::::::node.js::*
linuxfoundation	nats.ws	*	cpe:2.3:a:linuxfoundation:nats.ws::::::::